Service accounts cannot invite attendees

Question

I am trying to create an event using google calendar API (from Service account). Event is creating fine for the calender name 'd2020@gmail.com'. But When I add attendee, it gives error

"Service accounts cannot invite attendees without Domain-Wide Delegation of Authority."

Configuration

1. I setup the Google project using a personal account 'd2020@gmail.com'
2. Using this project, I created a service account ('abc@abc.iam.gserviceaccount.com')
3. Then I created a Calendar using same account.
4. Then I registered a Google Work space account 'xyz@myorg.com'
5. Using this google work space account I provide calendar scopes to my service account

Am I missing anything?

My Code

    from __future__ import print_function
    import datetime
    import os.path
    from googleapiclient.discovery import build
    from google_auth_oauthlib.flow import InstalledAppFlow
    from google.auth.transport.requests import Request
    from google.oauth2.credentials import Credentials
    from google.oauth2 import service_account

SCOPES = ['https://www.googleapis.com/auth/calendar.readonly','https://www.googleapis.com/auth/calendar'
,'https://www.googleapis.com/auth/calendar.events.readonly','https://www.googleapis.com/auth/calendar.events']
SERVICE_ACCOUNT_FILE = 'credentials.json'


def main():
    """Shows basic usage of the Google Calendar API.
    Prints the start and name of the next 10 events on the user's calendar.
    """
    creds = None
    # The file token.json stores the user's access and refresh tokens, and is
    # created automatically when the authorization flow completes for the first
    # time.
    
    creds =service_account.Credentials.from_service_account_file(SERVICE_ACCOUNT_FILE, scopes=SCOPES)
    delegated_credentials = creds.with_subject('abc@abc.iam.gserviceaccount.com')
       
    service = build('calendar', 'v3', credentials=delegated_credentials)
    


    
    event = {
      'summary': 'Driving Lessons',
      'location': 'Driviology Driving school',
      'description': 'Usman is Testing',
      'start': {
        'dateTime': '2022-08-23T09:00:00-07:00',
        'timeZone': 'America/Los_Angeles',
      },
      'end': {
        'dateTime': '2022-08-23T17:00:00-07:00',
        'timeZone': 'America/Los_Angeles',
      },
      'recurrence': [
        'RRULE:FREQ=DAILY;COUNT=2'
      ],
     'attendees': [
    {'email': 'usman6171@gmail.com'},
    
  ],
      
      'reminders': {
        'useDefault': False,
        'overrides': [
          {'method': 'email', 'minutes': 24 * 60}
          
        ],
      },
    }

    event = service.events().insert(calendarId='d2020@gmail.com', body=event).execute()
    print ('Event created: %s' % (event.get('htmlLink')))  
    
        
   
    if __name__ == '__main__':
        main()

Answer 1

Domain Wide Delegation on the Admin Console for Google Workspace

You would need to add the Client ID over your Admin console with the scopes needed to handle the calendar:

1. Go to https://admin.google.com/
2. Go to Security > API Controls > Domain-wide Delegation
3. Set the client ID of your service account
4. Set the following scopes:

https://www.googleapis.com/auth/calendar
https://www.googleapis.com/auth/calendar.events
https://www.googleapis.com/auth/admin.directory.resource.calendar